Package firefox: Information

Mozilla Firefox is an open-source web browser, designed
for standards compliance, performance and portability.
- New version (125.0.2).
- New version (125.0.1).
- Update description (closes: 49990).
- Enable VAAPI.
- Security fixes:
  + CVE-2024-3852: GetBoundName in the JIT returned the wrong object
  + CVE-2024-3853: Use-after-free if garbage collection runs during realm initialization
  + CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
  + CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds reads
  + CVE-2024-3856: Use-after-free in WASM garbage collection
  + CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
  + CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
  + CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  + CVE-2024-3860: Crash when tracing empty shape lists
  + CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
  + CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment operator on self-assignment
  + CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
  + CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
  + CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
  + CVE-2024-3865: Memory safety bugs fixed in Firefox 125
- New release (124.0.2).

Package firefox: Information

Last changed